What is ndisdrv.sys, How to remove ndisdrv.sys


ndisdrv.sys is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: ndisdrv
Filename: ndisdrv.sys
Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndisdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv

Command: c:\windows\system32\ndisdrv.sys
Startup Type: Driver
DDS/Combofix/RSIT Line:

S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys –> c:\windows\system32\ndisdrv.sys [?]

Description: trojan-rootkit also known as Mal/Rootkit-Q [Sophos]

How to remove:

Download OTM by OldTimer from here
Run OTM.
Copy, then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):

:services
ndisdrv

:files
c:\windows\system32\ndisdrv.sys

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. When the tool is finished, it will produce a report for you.
Download and run Malwarebytes` Anti-malware

Leave a Reply